Aggregator

有关CVE-2025-1584的原理及利用

Behind every security alert is a bigger story. Sometimes it’s a system being tested. Sometimes it’s trust being lost in quiet ways—through delays, odd behavior, or subtle gaps in control. This week, we’re looking beyond the surface to spot what really matters. Whether it’s poor design, hidden access, or silent misuse, knowing where to look can make all the difference. If you're responsible for

OpenAI banned ChatGPT accounts tied to Russian and Chinese hackers using the tool for malware, social media abuse, and U.S. satellite tech research. OpenAI banned ChatGPT accounts that were used by Russian-speaking threat actors and two Chinese nation-state actors. The blocked accounts were used to assist malware development, social media automation, and research about U.S. […]

QNAP has issued a security advisory warning users of Qsync Central about two critical vulnerabilities that could allow attackers to access sensitive data or execute malicious code. The affected software is widely used for synchronizing files across QNAP NAS devices and connected clients. Below is a comprehensive analysis of the vulnerabilities, their technical details, and […]

The post Multiple QNAP Flaws Allow Remote Attackers to Hijack User Accounts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-5871. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2025-5872. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.

Увидел химиотрассу — срочно звони в Национальную гвардию. Штат Луизиана тебя поймёт.

A vulnerability classified as critical has been found in Sitecubed Mailworks Professional. Affected is an unknown function of the component Cookie Handler. The manipulation with the input auth=1 leads to improper authentication. This vulnerability is traded as CVE-2004-1661. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

关键词数据泄露研究人员周三表示,黑客发布了8600万份AT&T记录,其中包含解密的社会安全号码和个人数据,详细

关键词网络攻击一个以经济利益为动机的黑客组织UNC6040，近期采用一种简单但高效的手段入侵企业环境：打电话假

关键词数据泄露2025年6月初，美国知名税务解决服务公司 Optima Tax Relief 遭遇了Chaos

关键词网络攻击2025年6月，OpenAI 官方发布最新威胁情报报告，披露其已封禁一批被用于恶意用途的 Cha

Congress and federal agencies can take some simple steps to better protect open-source software.

The post Unverified code is the next national security threat appeared first on CyberScoop.

A new Trump Executive Order limits the use of cybersecurity-related sanctions only against foreign malicious actors

You don’t need a rogue employee to suffer a breach. All it takes is a free trial that someone forgot to cancel. An AI-powered note-taker quietly syncing with your Google Drive. A personal Gmail account tied to a business-critical tool. That’s shadow IT. And today, it’s not just about unsanctioned apps, but also dormant accounts, unmanaged identities, over-permissioned SaaS

A new Remote Access Trojan (RAT) named DuplexSpy has surfaced, posing a significant threat to Windows-based systems worldwide. Developed in C# by GitHub user ISSAC/iss4cf0ng and released publicly on April 15, 2025, with a stated intent of “educational purposes,” this multi-functional malware offers attackers unprecedented control over compromised machines. Sophisticated Threat Emerges with Modular Capabilities […]

The post New DuplexSpy RAT Gives Attackers Full Control Over Windows Machines appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

为规范促销经营行为，维护“6·18”期间网络交易秩序，保护消费者合法权益，近日，市场监管总局向综合电商、直播电商、跨境电商等平台企业发布“6·18”网络集中促销合规提示。

意见反馈截止日期为2025年7月6日前。

《中国网络法治发展报告（2024年）》全文发布

作为专精特新示范企业、原创技术策源地和云计算创新联合体，天翼云科技有限公司在实现自身高质量发展的同时，积极探索构建科学合理的网络安全人才评价体系，为网络安全人才评价体系的创新与发展提供更多理论实践依据，助力我国网络安全人才队伍的高质量发展。